17 cyberattacks detected per second: "Cyberattack Detection Report on Web Applications" for January to December 2022 announced
Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; Representative Director, President and CEO: Toshihiro Koike; hereinafter “our company”), a global security manufacturer that develops anti-hacker services, announces the “Web Application Cyberattack Detection Report” (hereafter “this report”), covering data recorded from January 1 to December 31, 2022.
This report aggregates and analyzes the cyberattack logs observed by our cloud-based WAF, Shadankun, which visualizes and blocks cyberattacks on web applications, and by WafCharm, our automated operation service for public cloud WAFs.
Cyberattacks are increasing year by year, and companies urgently need countermeasures. However, because cyberattacks are invisible, they tend not to feel like an immediate threat. By clarifying the actual state of cyberattacks, this report is intended to make more people feel the need to strengthen cybersecurity.
<<Report Summary>>
■ We detected 17 attacks per second.
■ In terms of attacking IPs, the United States ranked first at 49%, followed by Japan at 20%.
■ The most common type of attack was the “Web attack,” a simple attack carried out indiscriminately against vulnerabilities in the software that makes up the Web server, accounting for approximately 44% of the total. “SQL injection” continues to appear and is on the rise.
■ Total number of detections and trends: 17 cyberattacks detected per second

From January 1, 2022 to December 31, 2022, the total number of cyberattacks against web applications that we detected was 523,210,675. That is 42,041 detections per host (*), and 17 cyberattacks detected per second.
Cyberattacks are not aimed at a single company but are launched indiscriminately at many companies, so today a cyberattack can happen to any company.
* Estimated using the total of the number of hosts protected by "Shadankun" (Web type: number of FQDNs, server type: number of IPs) and the number of hosts protected by "WafCharm" (WebACLs) as the denominator.
■ The top attack source IP is the United States at 49%, accounting for almost half of all attack detections.

Looking at the source IPs of the cyberattacks on web applications that we detected, by country, attacks from the United States were the most common in 2022 at 49%, followed by Japan at 20% and Canada in 3rd place at 6%, then Germany and France. Compared to 2021, we can see a significant increase in attacks from the United States.
However, it has long been the case that when a large-scale organization launches a targeted attack, it does not access the target directly but passes through data centers in various countries many times along the way, making it hard for the other party to identify the location of the true source of the attack. This kind of camouflage to avoid being noticed has also become very common.
■ By type of attack, “Web attack” ranked first at 44%. “SQL injection,” in 3rd place, increased from last year.

Looking at the attack status by major attack type during this survey period, the major trends have not changed significantly from 2021. The most common was "Web attack", which is a simple attack carried out indiscriminately against vulnerabilities in the software that makes up web servers, accounting for approximately 44% of the total, a significant increase from 2021.
On the other hand, “Blacklisted user agents”, which are attacks by bots using vulnerability scanning tools, etc., decreased to 26% from 2021.
What deserves attention is “SQL injection,” ranked 3rd: although its share is small, it is increasing. The damage caused by this attack is enormous because database data can be illegally read, tampered with or deleted. As of the end of 2022 the damage is still significant, so we need to remain vigilant.
■ What is SQL injection, which is on the rise?

SQL injection is an attack in which an attacker crafts an illegitimate SQL statement (a statement that operates on database information) and "injects" it by exploiting a vulnerability (a flaw) in a website or similar, thereby manipulating the database without authorization.
Countermeasures include always updating the web application to the latest version and escaping, which can neutralize the attack, but it is often difficult to eliminate the vulnerability itself. It is important to use a WAF (Web Application Firewall) as necessary to monitor, detect, and block attacks.
■ There is an urgent need to strengthen cybersecurity throughout the entire supply chain, including one's own company
In 2022, due to the impact of the global situation, the potential risk of cyberattacks increased sharply both in Japan and overseas, along with an increase in cyberattacks themselves.
Typical examples include supply chain attacks and BEC (business email compromise). In addition, the Russia-backed cyberattack group "Killnet" declared war on Japan, and damage from "DDoS attacks" on government and corporate targets occurred one after another.
On the other hand, as an update to laws and regulations related to cybersecurity, the revised Personal Information Protection Act came into effect in April 2022, making it mandatory to report personal information leaks. In addition, the fines for violating orders from the Personal Information Protection Commission or making false reports have been greatly increased, to up to 100 million yen. The movement to strengthen cybersecurity throughout Japan continues to grow.
Cyberattacks are expected to continue to increase in 2023, and there is a need to strengthen cybersecurity throughout the entire supply chain, rather than just strengthening countermeasures within the company itself. To that end, it is important to consider the necessary countermeasures within the company, including the supply chain, and to continue to review and improve them while continuously managing and operating them.
Our management philosophy is to create a safe and secure cyberspace for people around the world. By regularly collecting and analyzing data on the actual state of cyberattacks, we will support companies that are unsure about specific cyberattack countermeasures at a time when strengthening cybersecurity is an urgent need.
■ About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Location: JR Tokyu Meguro Building 13F, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo 141-0021
Representative: Toshihiro Koike, Representative Director, President and CEO
Established: August 2010
URL: https://www.cscloud.co.jp
Cyber Security Cloud has a management philosophy of "creating a safe and secure cyber space for people around the world", and utilizes world-class cyber threat intelligence and AI technology to provide anti-hacker services such as web application security services and vulnerability information collection and management tools. We will continue to contribute to the promotion of the information revolution as one of the leading global companies in cyber security, with a focus on WAF.
Main deployment services:
- Cloud-based WAF “Shadankun”: https://www.shadan-kun.com
- Public cloud WAF automated operation service "WafCharm": https://www.wafcharm.com
- "WafCharm for AWS Marketplace" with tamper detection function: https://www.wafcharm.com/jp/aws-mp
- Cyber Security Cloud Managed Rules for AWS WAF: A carefully selected set of rules for AWS WAF. https://aws.amazon.com/marketplace/seller-profile?id=baeac351-6b7c-429d-bb20-7709f11783b2
- Vulnerability information collection and management service “SIDfm”: https://sid-fm.com
■ Survey overview
・Survey period: January 1, 2022 to December 31, 2022
・Survey target: User accounts using “Shadankun” and “WafCharm”
・Survey method: Analysis of cyber attack logs observed by “Shadankun” and “WafCharm”